Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4b78669686
Branches Tags
krackattacks
/
hs20
/
server
/
www
/
cert-enroll.php

cert-enroll.php 890 B
History Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. <?php
    2. 

  2. 

  3. require('config.php');
    4. 

  4. 

  5. $db = new PDO($osu_db);
    6. 

  6. if (!$db) {
    7. 

  7.    die($sqliteerror);
    8. 

  8. }
    9. 

  9. 

  10. if (isset($_GET["id"]))
    11. 

  11.   $id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
    12. 

  12. else
    13. 

  13.   die("Missing session id");
    14. 

  14. if (strlen($id) < 32)
    15. 

  15.   die("Invalid session id");
    16. 

  16. 

  17. $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
    18. 

  18. if ($row == false) {
    19. 

  19.    die("Session not found");
    20. 

  20. }
    21. 

  21. 

  22. $uri = $row['redirect_uri'];
    23. 

  23. $rowid = $row['rowid'];
    24. 

  24. $realm = $row['realm'];
    25. 

  25. 

  26. $user = sha1(mt_rand());
    27. 

  27. 

  28. if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
    29. 

  29.   die("Failed to update session database");
    30. 

  30. }
    31. 

  31. 

  32. $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
    33. 

  33. 	"VALUES ('', '$realm', '$id', " .
    34. 

  34. 	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
    35. 

  35. 	"'completed user input response for client certificate enrollment')");
    36. 

  36. 

  37. header("Location: $uri", true, 302);
    38. 

  38. 

  39. ?>
    40.